Divi 4.25.2 Patches Vulnerability and Fixes PHP Issues

June 13, 2024

This Divi update doesn’t add any new functionality, but it addresses several very important issues and should be installed right away.

version 4.25.2 (updated 06-12-2024)

  • Security Update: Fixed a stored XSS vulnerability that made it possible for users with Contributor role or above to insert JavaScript code onto the page via the Divi Builder Gallery module’s shortcode. Props to Ngô Thiên An (ancorn_) for the responsible disclosure.
  • Hide Role Editor settings related to Theme Options, Theme Builder, Theme Customizer, Divi Library, and Support Center for roles without the edit_theme_options capability. By default, this change affects the Editor, Author, and Contributor roles, unless they have the edit_theme_options capability.
  • Fixed a PHP fatal error that occurred in some cases when importing Theme Builder layouts.
  • Fixed a PHP notice that occurred during Social Media module Twitter to X migration.
  • Fixed a PHP warning (Undefined array key 0).
    • core/components/Portability.php
    • core/components/SupportCenter.php
    • core/components/Updates.php
    • core/components/init.php
    • core/functions.php
    • epanel/core_functions.php
    • epanel/custom_functions.php
    • functions.php
    • includes/builder/class-et-builder-value.php
    • includes/builder/core.php
    • includes/builder/frontend-builder/theme-builder/admin.php
    • includes/builder/functions.php
    • includes/builder/module/Gallery.php
    • includes/builder/module/settings/migration/SocialMediaFollowNetworkTwitterToX.php
    • includes/builder/scripts/frontend/scripts.js

